If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Decreased security in new forcefield

I used to have zonealarm firewall and forcefield seperately; and it worked great. Every new private browsing session was clean and my browsing history was secure if I just remembered to kill the session when I was done.
Now, I have zonealarm extreme security, with in-built forcefield and much to my surprise it stores all my secure browsing histories, so that my browsing privacy can be compromised by just opening a "private" browser. To avoid it I have to go clear the virtual data every time, and that's not very cool.
Why has this been changed, and can it be changed back somehow?
Also; I noticed that the old version had virtualization on by default after install, whereas this new one doesn't, that's pretty bad too.

Re: Decreased security in new forcefield

Hi!
could you please add an example? Or be more specific? I can't see this here... post exact steps to reproduce the problem.
No history is recorded if I use private browser... while in private browser mode I can only see the history that is in the unprotected cache...
Remove all the history/cache of your browser with forcefield OFF then try again.

Also report the exact version of ZA Extreme you are using.

Thanks,
Fax
P.S. Yes, virtualization is off by default in ZA Extreme. This is by design. Unless you know how FF works, it can be really frustrating and confusing for novice users.

Re: Decreased security in new forcefield

Well; it's hard to know how to make it occur since I'm not sure where it suddenly came from. It might be setting-related, i.e. specific to my setup. But Forcefield does tell me that it's having trouble with stability every so often, but I haven't noticed any other glitches resulting from that alleged instability.
When I start a private browsing window, and start to type the name of a site previously visited only in private browsing, the address bar suggests those sites, i.e. they are recognized from histories, and are stored somewhere.

I talked to tech support about it, and first fix was to reset my forcefield config; but that didn't work.
The next instructions did work, for a while, now the problem is back.
Here's what worked for a while :

Tech: Please try the following instructions:

Tech: - Close all browsers

Tech: - Open ZoneAlarm

Tech: - Click Browser Security on the left

Tech: - Click the Settings button, and then choose the Advanced tab

Tech: - Clear virtual data, and then click OK

Tech: - Turn ForceField OFF

Tech: - Click Start --> Control Panel --> Internet Options

Tech: - Click Delete --> Delete Temporary Internet Files

Tech: - Security (Tab) --> set to Default level

Tech: - Advanced (Tab) --> Restore advanced settings

Tech: - Turn ForceField back on

I'm going to go through that process again, at least it worked for a while. I wonder if it has to do with using hibernate shutdown. We'll see.

Re: Decreased security in new forcefield

Originally Posted by bralbral

Well; it's hard to know how to make it occur since I'm not sure where it suddenly came from. It might be setting-related, i.e. specific to my setup. But Forcefield does tell me that it's having trouble with stability every so often, but I haven't noticed any other glitches resulting from that alleged instability.
When I start a private browsing window, and start to type the name of a site previously visited only in private browsing, the address bar suggests those sites, i.e. they are recognized from histories, and are stored somewhere.

I talked to tech support about it, and first fix was to reset my forcefield config; but that didn't work. The next instructions did work, for a while, now the problem is back.Here's what worked for a while :

~~Snip~~

I'm going to go through that process again, at least it worked for a while. I wonder if it has to do with using hibernate shutdown. We'll see.

Thank you for your feedback to us users..

I recomend that you continue Contact Tech Support with more Feedbackso that they will nkow there last advise did not completly resove your problem..

This way they will excalate your problem and details on up the chain to the Developers..

Re: Decreased security in new forcefield

So far so good. The latest instructions were to download the cpes_clean.exe, which ensures a clean uninstall of the product, and then reinstall.
In the past the problem has reoccurred after a couple of days, so it's too early to say if this is the final fix.

Re: Decreased security in new forcefield

Problem persists, but now I think I can reproduce it on purpose.
After I make it go awat, it turns up again if I enable virtualization, and then download a file through a private session. After that, at least the download page shows on the IE address field when I start typing it in a new private session.
I have Windows XP SP3
ZA Extreme security 9.1.008.000
Forcefield ver 1.5.53.4

Tech support promised to research the problem, I'll come back with info when I have it.

What's up with virtualization anyway? It's not on by default but it's description makes it sound like forcefield isn't working to full potential without it...

Re: Decreased security in new forcefield

Originally Posted by bralbral

Problem persists, but now I think I can reproduce it on purpose.
After I make it go awat, it turns up again if I enable virtualization, and then download a file through a private session. After that, at least the download page shows on the IE address field when I start typing it in a new private session.
I have Windows XP SP3
ZA Extreme security 9.1.008.000
Forcefield ver 1.5.53.4

Tech support promised to research the problem, I'll come back with info when I have it.

What's up with virtualization anyway? It's not on by default but it's description makes it sound like forcefield isn't working to full potential without it...

If you are referring to the Private Browser, I think you will find the answer at the top of page 24 in the User's Guide.

"Why not use Private Browser all the time? Convenience is the reason you may not want to use Private Browser all the time. You may prefer the convenience of having Web sites you trust remember you and your shopping cart information (through the use of cookies), or you might appreciate the convenience of auto-completion and auto-fill finishing your typing for you. You may also like to use your History list to get back to a site you were visiting at an earlier time."

Re: Decreased security in new forcefield

No, I'm not talking about private browsing, I'm talking about the advanced setting "Enable virtualization", and it's blurb "Virtualization is the power behind ZoneAlarm ForceField. It uses encryption and emulation to prevent malicious programs from reaching your computer".
Now that, and all the talk in the Forcefield user guide about how virtualization is what forcefield is all about, makes it a bit strange that theres an "enable virtualization" box that's unchecked by default. It makes me wonder how much functionality difference there is in whether that box is checked or not... anybody have answers or experience? Anyway, my private browsing maybe works better with that box unchecked.
As you'll see from the user guide it contains recommendation to keep virtualization enabled, but there's no mention of which parameters might suggest against it, like how much CPU power and/or memory should be available.

Oh, and one easy way to check if your forcefield private browsing is behaving like mine at least partially: Open a private browsing session and then go download some file through it. Then go check your windows XP "recent" folder, if the file is listed there, then FF isn't doing all that it should.

Re: Decreased security in new forcefield

Hi!
User downloads of file(s) (e.g. ZASPSetup_91_008_000_en.exe) are not covered by virtualization or privacy feature. Once you saved on the hard disk its too late also running the file is NOT covered by ZA FF. ZA FF is not designed for that. Also the virtualization is OFF by default on ZAX. This is BY DESIGN as already reported to you. There is no bug.

I think you are mixing up functionality. With the virtualization UNchecked the add-on, drive-by-downloads, background activity within the browser (non-user initiated) will not be isolated from the rest of the system.

Re: Decreased security in new forcefield

Ok, so that's no good for a test then. The other problem is still real though, a history is kept from private session to private session, although I have no idea where it might be saved, it's not visible from non-private sessions.

The point about the virtualization setting is that the whole documentation is full of stuff about the importance of virtualization... but then it's not on by default. So, I know it's not a bug. But there's a lot of unanswered questions there:
What difference does it really make whether it's on or off?
When is it good to enable virtualization, when isn't it?
Is it ever?
Shouldn't FF be using virtualization if most of the features it's sold on require it?
Why has it been relegated to an opt-in?
Do you understand what I mean? For example, if there's a hardware requirement, it'd be nice to know what it is...
I'm experiencing a bug that might relate to virtualization, I'm constantly exploring to see what might cause the problem, but so far downloading throught a private session with ZAX virtualization on seems the strongest candidate. So I'm asking these questions to help me find relevant issues for clarifying the reasons for the glitch.

Last edited by bralbral; January 29th, 2010 at 11:48 AM.
Reason: missed a point